Navigation

• Home
• About Us
• Member Services
• Loan Products
• Member Rates
• Insurance Products
• Privacy / Security
• Calculators

• Member Testimonials

• ESCU Links
• Refer a Friend

News

Risk Alert: Phishing may increase following recent Data Breach
Credit Unions should be aware that following the recent data breach at Atlanta-based Global Payments Inc., phishing attacks targeting credit union and other financial institution members may increase. Credit Unions should consider taking steps to post a warning notice advising members of this potential threat. The upsurge in phishing may impact all members regardless of whose cards were compromised as well as any other non-affected members.

Global Payments reported in an April 1st press release that the breach involved less than 1.5 million debit and credit cards for which Track 2 data may have been stolen. Track 2 data includes cardholder names, card numbers and validation codes; however, it is important to note that cardholder addresses and social security account numbers were not stolen in the breach.

Because the addresses and social security numbers were not accessed in the breach, criminals may be seeking this information in particular through the use of phishing. CUs should alert members to be wary of any suspicious e-mails, text messages or phone calls seeking such personal and financial information. Sensitive information that may be requested in a phishing attempt could include the cardholder’s billing address, the three digit CVV2/CVC2 code found on the back of the card, or enrollment criteria/passwords for Verified by Visa or MasterCard SecureCode.

Once this other information is added to the stolen Track 2 data, an individual would be able to perform “card present” or “card not-present” transactions on an account.

Recommendations:

• · Remind members to never respond to telephone calls, e-mails or text messages requesting personal or financial information.
• · Post educational notices to define and explain phishing e-mails, text messages and phone call scams.
• · Post notices on your website, in your newsletters or and in your public lobbies reminding Members that the credit union will never solicit personal or financial information.

In the event a member reports contact that appears to constitute a phishing attempt where personal information of the member has been compromised, the Credit Union should consider implementing the following actions:

• · Immediately suspend the Member’s credit/debit account by blocking the account for all transactions, and issue the Member a new credit/debit card number;
• · Red Flag the Member's accounts and advise the Member to monitor their accounts closely and report any discrepancies to you;
• · Encourage the Member to report such incident to the credit bureaus and order a current credit report;
• · As with any online fraud attempt, encourage the Member to report the incident to the Federal Trade Commission and to file a complaint with the Internet Crime Complaint Center at www.ic3.gov.