David Morrison of Credit Union Times reports some of the key results in a Flash survey conducted by the National Association of Federal Credit Unions (NAFCU) concerning fraud rates and costs credit unions have experienced in the past few years:
Credit union’s responding to NAFCU’s monthly Flash survey reported that merchants were the source of the majority of credit and debit card fraud attempts they were seeing.
According to the association, fully 36% of card fraud attempts had their roots in a data breach at a retail merchant, followed by 34.7% caused by hackers, 31% caused by card processors and 21.4% caused by card owners.
The report also offered some statistics regarding the losses credit union suffered after two of the biggest card breaches, the one at the TJX corporation in 2007 and the other at Heartland Payment Systems in 2009.
NAFCU member credit unions that participated in the survey reported that, on average, they had 6,104 card accounts impacted by the TJX breach and suffered over $34,000 in damage per CU. The credit unions reported that they had 12,825 card accounts, on average, impacted by the Heartland breach with damages averaging $76,160 per CU.
The results were reported in the August issue of NAFCU’s Flash Report, which provides additional data on the impact of the TJX and Heartland breaches. For the TJX breach, they report:
In one case, a total of 37,009 cards were affected, while another credit union reported total costs of $240,842.
For the Heartland Payment Systems breach, they report:
The largest number of affected cards reported among survey participants was 100,397, while the highest total costs reported were $513,000.
While both credit card use and debit card use increased during the past five years, debit card use reportedly increased much more (98.4% vs. 71.7%). With the increased number of fraud attempts, CU’s unreimbursed costs reportedly increased:
The rise in credit and debit card frauds have had a significant financial impact on credit unions, as only an average 9.4 percent of responding credit union’s total credit and debit card fraud losses in the past five years were covered by insurance. Nonetheless, 70.5 percent of the survey respondents indicated that their insurance costs increased as a result of the fraud attempts at their credit union in the past five years. This was only topped by reissuance costs, which increased for 78.7 percent of the respondents. Another major cost category were security costs, which increased for 54.1 percent. In addition, about one Quarter of the survey participants stated that their credit union hired additional staff in the past five years to handle credit and debit card fraud issues (27.6 percent) and that an average of 1,493 staff hours were dedicated to handling credit and debit card fraud issues in 2009 alone.
According to Tun Wait, Chief Economist for NAFCU, the survey had been sent to approximately 150 member credit unions, of which approximately 80 responded.