What can your credit union learn from the Target breach?

by Emily Maxie

In light of the recent Target and Neiman Marcus credit card data breaches, there has been increased discussion of responsibility for data breaches, and rightfully so. The Target breach alone resulted in the theft of over 40 million debit and credit cards, encrypted PIN data and much more personal data.

The financial responsibility for credit union members fell on the credit unions themselves. With credit unions limited in what control they have over retailers, I thought to myself, “It is important for credit unions to know their responsibilities in what they can control.”

First, it is important to know a little about debit and credit cards. The magnetic stripe on the back contains data that is not encrypted. Names, primary account numbers and expiration dates are therefore among the information residing “in the clear.” This is why card skimmers are very popular with criminals.
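To make “in the clear” concrete, here is an added example (not from the original article): a Python scanner that flags clear-text Track 1 and Track 2 records in log text and masks the account number in its findings. The ISO/IEC 7813 field layout, the function names and the sample log lines are assumptions of this example, and the card number is a widely used test number.

```python
import re

# Track 1 (ISO/IEC 7813 format B): %B<PAN>^<NAME>^<YYMM><service code><discretionary>?
# Track 2: ;<PAN>=<YYMM><service code><discretionary>?
TRACK1 = re.compile(r"%B(?P<pan>\d{12,19})\^(?P<name>[^^?]{2,26})\^(?P<exp>\d{4})(?P<svc>\d{3})[^?]*\?")
TRACK2 = re.compile(r";(?P<pan>\d{12,19})=(?P<exp>\d{4})(?P<svc>\d{3})\d*\?")


def luhn_ok(pan: str) -> bool:
    """Luhn checksum; filters out digit runs that only look like a PAN."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    """Keep only the first six and last four digits of the account number."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_track_data(text: str) -> list[dict]:
    """Return one finding per clear-text track record, with the PAN masked."""
    findings = []
    for track, rx in ((1, TRACK1), (2, TRACK2)):
        for m in rx.finditer(text):
            if not luhn_ok(m["pan"]):
                continue  # not a plausible card number
            findings.append({
                "track": track,
                "pan": mask(m["pan"]),
                "name": m.groupdict().get("name", "").strip(),  # Track 2 has no name
                "expires": f"{m['exp'][2:]}/{m['exp'][:2]}",  # YYMM on the stripe -> MM/YY
            })
    return findings


# Constructed sample: log lines built around a test PAN, plus one Luhn-invalid decoy.
SAMPLE = (
    "2014-01-10 12:00:01 pos debug raw=%B4111111111111111^DOE/JANE^16121010000000000?\n"
    "2014-01-10 12:00:01 pos debug raw=;4111111111111111=16121010000000000?\n"
    "2014-01-10 12:00:02 pos info order=;1234567890123456=16121010000?\n"
)

if __name__ == "__main__":
    print(*find_track_data(SAMPLE), sep="\n")
```

Everything the scanner reports (name, account number, expiration date) is read straight from the record without any key, and the third sample line is dropped because its digits fail the Luhn check.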

So what can you do to protect what you can control?

Protect PIN Numbers at ATMs and in Server Rooms

At this time, without EMV (PIN and chip), the only data that is encrypted is the four-digit PIN. PINs are what stand between a criminal on one side of the ATM and the members’ cash on the other. If your credit union owns, operates, or sponsors ATMs and is a member of the CO-OP, Pulse, STAR and/or NYCE networks, it is imperative for the credit union to ensure a TR-39 PIN audit is conducted. The credit union should check with their network(s) to ensure they comply with the security requirements set forth in the network’s PIN and key management security guidelines. The audits are required every even-numbered year and can be leveraged to ensure proper security is in place at ATMs and within your server room to prevent a compromise of members’ PINs.
