The insurer, CUNA Mutual Group, last week released a nine-page document detailing 13 broad security measures and more than 70 specific recommendations for credit unions that issue cards. For instance, it's recommending that credit unions do round-the-clock monitoring of transactions and develop automated capabilities for immediately acting on fraud alerts.
CUNA Mutual isn't making adoption of the security guidelines a requirement for its credit union customers. But the company will factor in what each credit union does to fight fraud when underwriting insurance polices in the future, said Chris Ryan, director of credit union protection at the Madison, Wis.-based insurer.
"What's driving this is the significant increase in fraud losses that we have seen across the credit union marketplace over the last 18 months," Ryan said. He added that credit unions and CUNA Mutual suffered a combined total of about US$100 million in losses from credit and debit card fraud last year -- up 15 percent from 2004 and 50 percent from 2003.
Steve Swofford, CEO of Alabama Credit Union in Tuscaloosa, said his organization has implemented or is in the process of implementing most of the security measures prescribed by CUNA Mutual. Even so, ACU this year for the first time expects to file claims to cover its losses from credit and debit card fraud, he said.
"We've never been able to claim insurance, because our losses were relatively low," he said. But this year's fraud losses likely will exceed ACU's deductible for such coverage, according to Swofford.
As a result of such claims, it's almost inevitable that CUNA Mutual's recommendations will eventually become a requirement for insurance coverage, Swofford said.
Corinne Sherman, vice president of card services at the Pennsylvania Credit Union Association in Harrisburg, said she thinks the new security initiative will go a long way toward reducing fraud losses within the industry.
However, the changes could cost credit unions money in the near term, Sherman added. "I think the immediate impact is going to be a bit overwhelming for credit unions to get everything in place," she said.
Ryan acknowledged that CUNA Mutual's Plastic Card Security Best Practices include a mix of "common sense" measures and more involved steps that could result in increased costs for credit unions.
CUNA Mutual's recommendations appear to be an effort to raise the bar above the levels set by the Payment Card Industry security mandates that were imposed last year by the major credit card associations, said John Pescatore, an analyst at Gartner Inc.
"PCI is all about protecting online transactions and [securely] storing credit card data," Pescatore said. He added that CUNA Mutual's guidelines are focused more directly on mitigating losses from fraudulent uses of cards.
As part of a broader set of antifraud initiatives, CUNA Mutual also is lobbying card associations for stronger data-protection standards and advocating litigation against merchants that allegedly fail to demonstrate due diligence in safeguarding sensitive data. Last April, it filed a lawsuit against BJ's Wholesale Club Inc. seeking to recover losses resulting from a security breach at the retailer.