Target Data Breach: Perspective of the Financial Institution

Yet another big data breach has been announced. This time the data breach is from Target, one of the largest retailers in the country. The number of credit and debit cards at risk are over 40 million per the retailer's estimates. The timeline for data theft was from November 29th through as late as December 15th at their retail stores across the country.

These data breaches are not good for consumers, but they really hurt the ultimate victim which is the financial institutions themselves who issue the credit or debit cards. Why? It is the financial institutions that must eat the costs of fraud losses, card replacements, and employee manpower in responding to these data breaches. If a $500 fraudulent transaction takes place on a North Alabama Educators Credit Union member's account that member will receive their $500 back into their account upon dispute of the unauthorized transaction. The credit union has to cover the $500 loss plus the cost of reissuing a new card. For a large exposure list like this Target breach you are talking about hundreds of member card accounts in our case that must be blocked and reissued. That takes valuable employee time and expense to correct a situation that was neither the fault of the member's or the credit union. A breach of another local retailer recently produced fraud losses in excess of $30,000 for the credit union. It is the financial institutions that are bearing the greatest costs associated with these data breach incidents. Most of these costs need to be shifted back to the merchants responsible for allowing the data theft. This can be done either through civil litigation or regulatory actions to hold merchants responsible for their loss of consumer data.

The tricky part about replacing compromised cards is that members are still using their old cards. The credit union tries to avoid the situation where we have to block a card first and then mail out a replacement card. Obviously if fraud is already taking place on a specific account we would have no choice but to block any and all activity using that particular card. The credit union recently had an area retailer that was identified by law enforcement as the source for stolen card data that was resulting in fraudulent transactions taking place very quickly. In cases like this, the credit union had no choice but to block any cards that had been used at the establishment. This can result in members receiving a card transaction denial for a transaction. We are working on a better notification system to notify members either by phone, email, or text when these type situations develop.

Something is going to have to change to reduce these fraud losses. Retailers need to be held accountable. More restrictions such as reduced daily card limits and requiring PIN based transactions for certain merchants/locations may become a reality also. VISA and MasterCard would like to have their cards treated like cash and do not want picture ID's and other verification steps utilized to validate a consumer. The business model for the card payment industry is going to have to change however for financial institutions since these large financial losses are hurting financial institutions. It is hurting North Alabama Educators Credit Union for certain. Be looking for debit card usage changes in 2014 as a result.

Health Insurance Rate Increase

The Credit Union recently received our annual group health insurance renewal information from Blue Cross Blue Shield of Alabama. There had been some anxiety over this renewal due to the implementation of the Affordable Care Act. Our management staff had heard about possible rate increases but nobody was prepared for the reality of the actual increases reflected in our annual renewal package.

To begin with, our prior health insurance plan (a very good health plan) through Blue Cross Blue Shield of Alabama was no longer available. It was not a "qualified" plan under the Affordable Care Act which basically means it did not match any of the tiered plans now available as a result of the law's implementation. So much for being able to keep our current health plan if we wanted to. The most similar plan that Blue Cross Blue Shield of Alabama has now to our previous group health care plan would see a 42.5% increase across our entire group of employees. The next lower benefit group health plan, with reduced benefits to our employees, would still reflect a healthy increase of 19.2% over the cost of our prior plan. These figures of course were shocking numbers for an employer who pays 100% of the employee's individual health care plan as a benefit of employment. The additional annual costs to the Credit Union would range from $19,000 to $40,000+ depending on which plan is selected. Obviously the Credit Union will have to review our benefits package as a result of these enormous cost increases.We value our employees very much but cannot bear these type of increases overnight.

Nothing about the Affordable Care Act is proving to be affordable so far. Older workers (from age 50 to 65) will find it very difficult to retire or pay for health insurance on their own since monthly insurance premiums would range from $700 to $1,000+ PER MONTH for this age group. People who could not afford health insurance before will find the costs higher, at least for now. Blue Cross Blue Shield and the other insurance companies will say that rates are now higher because of Affordable Care Act taxes included in all plans, no underwriting for individual approvals, and no exclusions for preexisting conditions. It could also be debated though that more people paying for insurance should in theory lesson the costs.

Employers will be forced to make changes to employee benefits, reduce staff, or utilize more part-time employees to reduce the costs of benefits. Other employers throughout Alabama are seeing similar rate increases from Blue Cross Blue Shield of Alabama which has roughly 88% of the state health insurance market. There has been considerable discussion about the merits of the Affordable Care Act over the past few years. Everyone does need health care which is why North Alabama Educators Credit Union has provided this necessary benefit to our employees. The issue now however is the cost of health care. Again, right now there is nothing affordable about the Affordable Care Act. We are hopeful that changes and other health care options can improve the rather dismal picture that we have before us now.

Debt Ceiling of United States

Congress has been kicking the can down the road on debt ceilings for many years now. A deadline date is looming that requires another increase in the allowable debt ceiling to insure that government obligations get paid as promised. Really? It is one thing to borrow money for long term projects that can be seen as an investment in the country's future, but to continually raise the nation's credit line to fund check disbursements for monthly obligations is troubling to say the least. Financial literacy resources for consumers has been a hot topic for credit unions over the past few years. It seems as if financial literacy education is necessary by our leaders in Congress as well. The current debt situation of the United States is not a political party issue as both major political parties have greatly contributed to the excess spending habit in Washington. Expenses need to fall closer in line with revenues.We can't continue to borrow money to fund basic operations of government. Like consumers, our government needs to live within its means.

Our nation's economy and business community need leadership and financial stability out of Washington, DC. A further reduction of the nation's credit rating is at risk because the credit rating services all said how and why it would be lowered possibly in the future. Inaction and unsatisfactory attention to the debt problem would result in a further lowering of the credit rating. That pretty much sums up what has occurred in Washington. Why would it matter if the credit rating were lowered? Financial markets and retirement accounts could take a hit. Most investment policies require a minimum investment grade for investments held within a portfolio. When owned investments fall below the minimum investment grade level they must be sold and removed from the portfolio. When the volume of selling goes up, what generally happens to the price?? Demand would also be lowered because there would be less investment buyers available. A large supply combined with low demand  would translate to greatly reduced values for investments backed by the United States government. This scenario possibility is not good at all.

Our nation's debt is not going away. It increases in size every day. The level of debt held by the United States is not a political party issue. It is an American issue. The message to Congress should be clear - address the debt problem and begin a plan to reduce the nation's debt. Any action would be better than no action. Hopefully Congress will recognize the financial stakes at play here and formulate an effective debt reduction plan.

Don't Tax My Credit Union

Congress is currently considering a total re-write of the tax code that could impact North Alabama Educators Credit Union. The bankers of course are leading the effort to remove the tax exempt status of credit unions as they claim credit unions have an "unfair" advantage over banks since credit unions do not pay corporate income taxes. Unfair advantage? As of December 2012, the credit union industry in Alabama maintained a whopping 7.2% market share of assets held by all financial institutions in the state. Banks, Savings & Loans, and Savings Banks held 92.8% of all assets within the state of Alabama. Clearly, banks are not being harmed by credit unions.

It is also interesting to note that 1/3 of all banks within the state of Alabama are organized as Subchapter S Corporations that do not pay corporate income taxes. The Subchapter S Bank Association, Inc. reports that roughly 1/3 of all financial institutions in the entire country are now organized as Subchapter S Corporations. These banks are not paying corporate income taxes and offer none of the true credit union benefits of higher savings rates on deposits, lower rates on loans, and reduced or no fees on services.

Credit unions in the marketplace keep the banking community honest on rates and fees. Recently, North Alabama Educators Credit Union helped a member to refinance her vehicle loan that had been financed through a bank at a dealership. This member, with a good credit score above 700, was charged a high rate of 13.00% APR with a bank. The credit union was able to refinance that loan at a much lower rate of 3.10% APR and provide a much lower monthly payment!! Credit unions make a difference in people's lives and this was an excellent example.We have also seen examples where a bank will lower their rate to match our rate at a dealership to finance the purchase. The credit union was the only reason why the lower rate was offered in these cases. Again, another example of credit unions helping consumers.

We are asking our members to visit http://www.donttaxmycreditunion.org/ and review the issue at hand regarding the tax exemption status of credit unions. There is an excellent short video on the web site explaining the issues. Members are encouraged to send along their comments to Congress via a contact link on the linked page. Members own North Alabama Educators Credit Union. A corporate tax on North Alabama Educators Credit Union would be a tax on each of our members.

Payday Lending Review

Preparations for a Payday Lending presentation have been pretty eye opening in terms of the loan volume and costs associated with payday loans. The Consumer Financial Protection Bureau (CFPB) conducted a study on the industry which revealed some big numbers. There were roughly 90 million payday loans given to borrowers nationwide in 2012. A detailed sample review of 15 million payday loans showed that the median payday loan was for $350, for a period of 14 days, at an average cost of $15 per $100 borrowed. The average annual percentage rate the CFPB reported was 322% APR. 

Nearly half of the sample group (48%) of payday borrowers had more than 10 transactions with payday lenders during the 12 month period. 14% of the same group actually had 20 or more loans during the 12 months. A high percentage, 76%, of the industry's total loan volume comes from repeat loans and rolled over loans. These loans may be advertised for short term, emergency purposes but they most often become long term debt problems of the consumer. 

There are roughly 1,179 payday lenders in Alabama. The State of Alabama allows a maximum rate of 456.25% APR on payday and cash advance loans. The Alabama Legislature was reviewing a payday lending bill during the 2013 regular session that would have reduced the maximum APR from 456.25% down to 36.00% APR. The bill would also have set the minimum term to 30 days, limit the number of loans per year, and would have established a database to monitor these type of loans. The bill never was introduced outside of the committee. Hopefully this issue will be revisited   during the 2014 regular session with more successful results. 

Payday loans are very popular as evidenced by the many storefront locations throughout our city and state. Online payday lending is now a growing trend in this industry. These are high cost loans to say the least. Consumer education is needed to compare the various financing options. There are other options available. Most credit unions offer higher risk, small balance loans to members who have established member relationships. As a state chartered credit union, North Alabama Educators Credit Union can charge no more than 19.00% APR on a personal loan which is far less than the 322.00% APR average rate reported by the CFPB. 

Changes to VISA Debit Cards

Unfortunately many of our members using VISA Debit Cards are all too familiar with recent merchant data breaches over the past few years that have resulted in unauthorized activity on some member accounts. So far in 2013 the credit union has seen card fraud losses of over $35,000 on fraudulent transactions resulting from data breaches taking place with merchants. Neither the credit union nor the members have done anything wrong with these well publicized data breaches. Zaxby’s and Mapco Express are the most recent well publicized merchants involved with data theft of cards used at their establishments.

Members are not responsible for unauthorized charges on their accounts. That leaves the credit union to cover the losses associated with these data breaches and the counterfeit card activity that comes afterwards. To reduce the losses being realized by North Alabama Educators Credit Union, the following data changes are being made to VISA Debit Card operating rules for members when they utilize their cards. (Please note that all card issuers have similar operating rules in place);

A daily max limit of $3,000 for purchases will be in effect for VISA Debit Cards. If members know that they will have purchases that will exceed this daily amount they can call or visit one of our branch offices to request a temporary purchase limit increase for that day. Members could also write a check for larger purchase amounts if accepted by the merchant.

An hourly number of individual VISA Debit Card purchases will be limited to no more than 7 transactions per hour. Scammers and stolen card thieves hit hard and quickly when using someone else’s card. Our Fraud Monitoring Service constantly monitors VISA Debit Card transactions and scores them according to a risk score created by where and how the card is being used. Purchasing multiple gift cards with stolen cards is becoming more commonplace among card thieves. Once a card is declined, card thieves move on to another card.

The Credit Union is also pursuing more aggressive live fraud monitoring options that could decline a fraudulent transaction BEFORE it occurs. Denying transactions live before they receive an authorization is a balancing act between actual risk and perceived risk. Members these days can wake up in Huntsville, Alabama and be anywhere else in the country later that same day. It is very important that the credit union have accurate cell phone and other contact phone numbers to contact members when a card transaction is deemed to be suspicious. Our Fraud Monitoring Team will never call and ask for your personal information but will instead ask you about specific card activity taking place on your card to verify if they are valid or not.

We regret having to make these operational changes with regards to VISA Debit Cards. Consumers have grown very accustomed to using VISA Debit Cards like cash. Unfortunately the thieves have also grown fond of VISA Debit Cards. Since North Alabama Educators Credit Union is ultimately responsible for all unauthorized card activity, we have no choice but to take appropriate steps to reduce the card losses that affect the entire credit union membership.

$45 Million Cyber Bank Heist

It has been reported throughout many news outlets this week about the big cyber theft ring that was able to steal $45 Million in CASH from ATM's throughout the world across 26 countries. You read a headline like that and wonder "How can that happen?".

Unlike some of the other merchant data breaches that all financial institutions have seen over the years, this theft did not impact any individual consumer accounts. These cyber thieves were able to hack into the databases of prepaid debit cards and eliminate the normal daily cash limits and ATM limits. These cyber thieves produced their own cards and PIN numbers based upon card numbers registered within the databases. 

The first wave of worldwide ATM cash outs netted $5 Million in roughly 4,500 ATM transactions across 20 countries.

The second wave of attacks produced some 36,000 transactions in the span of 10 hours, withdrawing $40 Million from ATM's in 24 countries. 

These ATM's would be totally depleted of money. Once an ATM was empty of cash they would move on to the next ATM. It is amazing to think of the sheer logistics of having that many people hitting individual ATM's within a short period of time and over multiple countries. 

A few arrests were made in the New York area but that group only represented a local cell that had stolen $2.4 million in the New York area. It should be noted that all of the banks involved which suffered losses were foreign banks based in the Middle East. 

This was a huge story in the financial world this week. Additional security measures and monitoring will no doubt be upgraded throughout the world following this theft. I would also anticipate individual ATM owners imposing daily amounts for non-customers to avoid this situation where one person would perform one cash withdrawal after another until the ATM was empty. 

   

Fake Texts, Pop-Ups, and Downloads

Cyber-fraud thieves continue to bombard consumers with fraudulent contacts via text messaging, computer pop-up messages, and software apps that appear to originate from legitimate businesses or government sources. Consumers are being tricked into providing valuable personal information over their computer, phone, or fax that can result in funds being drained from their accounts.

Smart phones in particular are being targeted because scammers know that most users have their phones with them and tend to read and respond more quickly to text messages, calls, and emails. Beware of any contact that focuses on the "urgent" nature of a response. Creating fear and panic is one of the goals of cyber-thieves as they want people to react differently than they normally would under calm circumstances. Fake messages and fake web sites are also harder to detect on the smaller screen of a smartphone. The key is to never provide any personal information or click on any link in response to one of these "urgent" messages. Only communicate with your financial institution using phone numbers or email addresses that you are certain about.

Unexpected pop-up windows on web sites can often be an attempt to either infect your device with spyware or obtain personal information. It is normal for the credit union to request a login ID and password when you sign in to either home banking or mobile banking. It is also normal for challenge questions to be asked if you are signing in from a new computer or location. It is NOT normal however for a financial institution to ever ask you - through a pop-up window - to type your name and information such as account number, date of birth, PIN numbers, and other personal information.

Consumers should be very suspicious of unsolicited offers to download free games, programs, and other apps. These great "deals" could contain malicious software to direct you to fake web sites or install spyware used to steal information that can lead to loss of funds. Anyone surfing the Internet from their phone or computer device should always have an updated anti-virus service to protect against fraud. Consumers should only install programs and apps from legitimate web sites, such as your Internet service provider, financial institution, wireless phone company, or trusted app providers.

Mobile technology is a wonderful resource for consumers but it also provides a growing opportunity for cyber-criminals to generate new methods of committing fraud.

Recent TV News Story on Debit Cards

Earlier this week one of the local television stations ran a story on identity theft involving card fraud with debit cards and credit cards. The implication from the news story was that use of debit cards was not advisable because of the increased fraud liability expense to consumers for fraudulent transactions. It was recommended that credit cards be used for purchases rather than debit cards because of the reduced liability and the fact that card fraud thieves would be using the financial institutions' money rather than the consumer's personal account.

There are a few other considerations here. First off, North Alabama Educators Credit Union does not charge any liability expense to our members for unauthorized debit card transactions due to fraud. Many other credit unions follow this same policy. The law may provide the ability to charge a $50 liability expense for debit card fraud but very few financial institutions actually do this. Another concern in using a credit card for everyday transactions is actually paying off that credit card in the same manner that your would for debit card purchases. Consumer debt remains a big problem, especially credit card debt, so it does require good money management skills to keep credit card balances low or paid off to avoid the debt trap. Steering consumers to use credit cards for all transactions could produce some financial pitfalls if not managed properly by the consumer. Spending what you know you have can prevent unwanted debt.

There was also concern cited in the news story about thieves obtaining PIN numbers when using debit cards. Consumers don't have to enter their PIN number for all transactions when using their debit card. To enhance security of card PIN's consumers can always choose the "CREDIT" option at merchant Point-of-Sale terminals and sign for transactions when using their debit cards. The transaction amount would still be deducted from the checking account.

On a personal note, my own debit card number was compromised and used fraudulently this past fall following a data breach by a major national restaurant chain. A considerable number of consumers in this area had fraudulent transactions because of this breach. None of our members who were affected were responsible for any costs associated with fraud on their accounts. The stolen funds were returned to the affected accounts usually within the same business day.

Consumers are certainly free to choose how they wish to use debit and credit cards. The recent news story however did not paint the full picture of how debit card fraud is actually handled by financial institutions. It also did not address the possible pitfalls of only using credit cards for purchase transactions. The bankruptcy courts are full of consumers who had good intentions of paying back their credit card debt but were unable to for a variety of reasons.

January Blues

January of every year is a tough time for educational employees who are paid monthly. School systems typically pay their employees before the Christmas break. While it is nice to be paid early before the holiday, this also means that it will be 40 days or so until the next monthly payroll will be posted. The additional expenses associated with the holidays also add some financial strain to the family budget.


The credit union can help with some short term lending options that are far superior to stopping in and utilizing one of the many payday lenders out there. Our Holiday Loan will be available through the end of January that can provide qualified borrowers up to $2,000 at a fixed rate as low as 5.99% APR. You may only need $200-$300 until payday which the credit union can provide. Some larger lenders do not want to process smaller loan amounts because they are “not profitable”. A small overdraft line of credit can be established to cover financial holes that may develop from emergencies and unexpected expenses. There is no cost to have an overdraft loan available for use. It is simply a good backup plan should the need arise.

January is a time for reflection for many consumers as they look back over the previous year and prepare for the coming year. Member statements from December will reflect the total dollar amount of overdraft fees paid during the year. Did you pay more in fees that you wanted to? Do you want to pay fewer fees this year? Now is the time to make a plan for the future to keep more of your hard earned money in your own pocket.

Christmas Club accounts are another way to set aside a few dollars every pay period for those holiday expenses next year. The credit union actually has a variety of different sub-accounts available that can be separate from your normal savings account. We have members now who have established their own “vacation fund” or “mad money” fund sub-accounts to build a pool of money for a specific purpose. There is no cost to establish or maintain these sub-accounts under the primary account. Ask any Head Teller or Member Service Representative for assistance in creating one of these accounts.