February 18, 2015

ECUM: $226K, 1,600 hours spent per CU on data breaches

Credit union respondents to a NAFCU survey spent an average of $226,000 and an estimated 1,600 hours last year on debit and credit card fraud issues resulting from merchant data breaches, according to the association's February Economic and CU Monitor.

Respondents to the survey report confirmed that merchant data breaches are becoming an epidemic. "On average, 17.5 percent of survey respondents' debit cards and 10.3 percent of credit cards were exposed in retailer breaches last year," the report says.

In the event of a merchant data breach and "even in situations where retailers are to blame for jeopardizing customers' financial data, credit unions are the ones that bear the cost to make their members whole," it says.

NAFCU estimates that merchant data breaches cost the credit union industry over $31 million in 2014.

The survey respondents said the costs were primarily attributed to reissuing cards (40.6 percent), followed by fraud investigation and losses (32.7 percent) and monitoring costs (25 percent).

In response to merchant breaches that occurred last year, 88.5 percent of survey respondents notified their members, 65.4 percent issued new cards upon request, 57.7 percent placed a fraud alert on the account and 53.8 percent issued new cards unilaterally.

NAFCU was the first financial trade organization to call for national data security standards for retailers in the wake of the massive Target breach, and the association continues to push for legislative action.