Data breaches are becoming commonplace, and banks and credit unions are trying to deal with the threat while working with law enforcement officials and federal and state regulators to try and protect consumers.
And no company or industry seems to be safe from data breaches.
Last month, JP Morgan Chase &Co. announced as many as 76 million households and 7 million small businesses were exposed in a data breach, according to Forbes.com, which tracks such incidents.
There have been breaches at the Home Depot, Target and Dairy Queen. Even Staples is investigating a possible data breach.
Banks have reissued thousands of credit and debit cards following incidents where customer information was exposed or stolen.
Even a majority of credit unions say local data breaches have affected their operations, according to a survey by the National Association of Federal Credit Union’s October Economic and CU Monitor.
According to the survey, large national retailer breaches, such as those that occurred at Target and Home Depot, have exposed 20.6 percent of member payment cards, on average.
The NAFCU estimates the Target breach cost credit unions nearly $30 million.
The national association said it does not release the number of credit union that responds to its Economic &CU Monitor surveys.
“Small, local breaches may not garner the same headlines, but they can be just as damaging for smaller financial institutions like credit unions,” the six-page report says. “A wide majority of respondents (84.4 percent) were impacted by a local data breach during the last two years.”
According to the survey, most credit unions expect to spend more on data breach costs in 2015 than they did this year.
Clark County Credit Union and One Nevada Credit Union are just two of the local credit unions affected by data breaches at some of the largest retailers nationwide.
“The impact of the recent card breaches has been significant,” said Wayne Tew, president and CEO of Clark County Credit Union. “Since the two most recent breaches, we have been re-issuing cards with changed expiration dates and CVV codes.”
Tew said Clark County Credit Union continues to receive daily alerts with small numbers of cards that have been breached. Clark County Credit Union operates five branches in Southern Nevada with 33,000 members and about $500 million in assets.
“To avoid any legal implications, I will refer to the breaches as coming from Part A and Party B without stating which is which,” Tew said. “To date, we have re-issued 2,440 cards due to the breach at Party A and 3,670 due to the breach at Party B.”
Direct fraud losses for Clark County Credit Union from Party A breaches so far total $22,123.76 and $830 from Party B, with more coming in, Tew told the Las Vegas Business Press.
“Unfortunately, the losses are becoming a regular part of doing business,” Tew said. “Safeguards we put in place are to re-issue the cards as soon as we receive notice of possible compromise of the card.”
One Nevada Credit Union declined to discuss the financial effect of the data breaches. Brad Beal, president and CEO of One Nevada Credit Union, said in both the Target and Home Depot breaches the credit union has had to reissue debit and credit cards.
“We try to time the re-issues in such a manner as the minimize inconvenience for our members,” Beal said. “Sadly, we (have) some members who have had their cards reissued for both breaches, which multiplies the inconvenience for them.”
Based in Las Vegas, One Nevada Credit Union has $800 million in assets, 75,500 members and 15 branches in Clark, Washoe and Nye counties.
“From the credit union’s viewpoint, we first must assess the magnitude of the breach, our potential loss exposure, and the cost of potentially reissuing cards,” Beal said. “These assessments require the attention of a number of our management personnel, and must be performed rather quickly.”
Most of the credit unions surveyed by the national association indicated they have started to put the appropriate safeguards in place.
“As to the credit union, we monitor consumer transactions carefully, watching for transactions that are inconsistent with each cardholder’s usual activity,” Beal said. “The cardholder is then promptly contacted to verify the legitimacy of any transaction that seems out of the ordinary.”
Beal said by closely monitoring consumer transactions, One Nevada Credit Union can “usually detect breaches before the merchant announces them.”
When asked if data breaches were becoming a cost of doing business, Beal said, “Absolutely not.” He said the credit union is opposed to simply accepting breaches as part of their normal business.
“Ultimately, consumers end up paying for breaches,” Beal said. “Strengthened data security at the point of card use would go a long way to reducing these breaches, strengthening the security and reliability of our nation’s automated payment systems, and eliminating consumer inconvenience and frustration.”
Beal said federal standards for merchant data security should be adopted.
Tew also called for strengthening data security.
“The greatest safeguard would be for the retailers to have some responsibility to cover the losses incurred by the financial institutions,” Tew said. “If they would put in place the same required security systems financial institutions do, the breaches would diminish.”
Tew said retailers are proud to boast that their customers will not suffer any loss, often implying that they, the retailers are eating the cost.
“I consider that to be deceptive business practice,” Tew said, “What retailers do not reveal is that they don’t suffer any hard losses because the costs are borne by the card issuing credit unions and banks.”