<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=4052188&amp;fmt=gif">

credit union securityIn light of the recent Target and Neiman Marcus credit card data breaches, there has been an increased discussion on the responsibility of data breaches — and rightfully so. The Target breach alone resulted in the theft of over 40 million debit and credit cards, encrypted PIN data and much more personal data.

The financial responsibility for credit union members fell on the credit unions themselves. With credit unions limited in what control they have over retailers, I thought to myself, “It is important for credit unions to know their responsibilities in what they can control.”

First, it is important to know a little about the debit and credit cards. The magnetic strip on the back contains data which is not encrypted. Therefore; names, primary account numbers and expiration dates are among the information residing “in the clear.” This is why card skimmers are very popular with criminals.

So what can you do to protect what you can control?

Protect PIN Numbers at ATMs and in Server Rooms

At this time, without EMV (PIN and chip), the only data that is encrypted is the four digit PIN. PINs are what stand between a criminal on one side of the ATM and the members’ cash on the other end. If your credit union owns, operates, or sponsors ATM’s, and is a member of CO-OP, Pulse, STAR and/or NYCE networks, it is imperative for the credit union to ensure a TR-39 PIN audit is conducted. The credit union should check with their network(s) to ensure they comply with security requirements that are set forth within the network’s PIN and key management security guidelines. The audits are required every even-numbered year and can be leveraged to ensure proper security is in place at ATMs and within your server room to prevent a compromise of members’ PINs.

Although not all credit unions are required to submit a TR-39 PIN audit, as part of due diligence, the credit union should ensure that one was completed by their third party processor and that all false findings were addressed.         

Perform ATM Physical Reviews

Another popular method of attack to compromise debit / credit card numbers and PINs is ATM skimming. A criminal will place a card skimming device which will read and record the magnetic strip. They will also affix a false attachment, such as a brochure holder or mirror, to the ATM concealing a pin-hole camera. These devices are often detectable to those who are familiar with the ATMs. As a protective measure, credit unions should physically inspect the ATMs for skimming devices and pin-hole cameras on a regular basis. Documentation of the review should also be retained.

Educate Your Members

As part of your member education program, make sure to include education about skimmers, safe ATM usage and PIN security. 

Stay diligent; and always trust, but verify!

This guest blog post was written by Idrees Rafiq, Jr., AVP IT Consulting at Credit Union Resources, Inc, one of SIGNiX's partners.

digital signatures for credit unions free ebook

You may also like

Report: Fraudsters getting help from credit union employees
16 January, 2013

A new report on credit union fraud came to a shocking conclusion. The study found that clever crooks have found ways to ...

Free eBook: Digital signatures for the credit union industry
Free eBook: Digital signatures for the credit union industry
13 February, 2013

We've released a free eBook titled “Digital Signatures Playing a Key Role in Addressing Today’s Credit Union Challenges”...

Card fraud on the rise at credit union ATMs
Card fraud on the rise at credit union ATMs
26 March, 2013

A new report shows that card fraud is on the rise, and your credit union could be at risk of being the source of fraud. ...