Friday , November 22, 2024

Survey: Banks’ Post-Breach Reissuance Increasingly Costly

Many banks are reflexively reissuing debit cards in the wake of a breach, possibly stopping fraud losses but sustaining huge reissuance costs and eroding customers' trust. That's according to survey research released this week. “[Breaches] occur all the time, and don't show any signs of going away,” says Paul Henninger, director of fraud solutions at Actimize Inc., the New York City-based vendor of anti-fraud software that sponsored the research. As breaches multiply?and as hackers increasingly target transaction processors like Heartland Payment Systems Inc. and RBS WorldPay Inc., the two most recent processor targets?issuers will have to find ways to more selectively shut off access to accounts, he says. As it is, reissuance costs as much as $30 per card, he estimates, with postage, call-center, and other operational overhead factored in on top of the actual cost of a card. “Banks have to decide what approach to take,” Henninger warns. Actimize's research effort, which last month surveyed 113 institutions around the world (51% in North America) about fraud on PIN- and signature-based debit card transactions, also sheds light on the possible size of the Heartland breach, which the Princeton, N.J.-based processor reported in January. Heartland has not released any figures for how many accounts were compromised, but in the survey 30% of respondents said they had seen fraud they believed stemmed from the breach. That's nearly on a par with the 31.25% who reported attacks from data stolen in the TJX Cos. Inc. breach, which was reported more than two years ago and involved anywhere from 40 million to 100 million compromised accounts. The data suggest, says Henninger, that either hackers are getting more aggressive about using stolen card data or “the Heartland compromise was at least as big as TJX if not larger.” With major breaches now involving merchant processors holding data affecting possibly thousands of banks, issuers face mounting costs that go well beyond actual fraud losses, the report says. Even though some 48% of respondents reported that fewer than 1% of the accounts they are notified of as having been exposed in a breach are actually hit with fraudulent activity, nearly 15% are replacing more than 20% of their cards in the wake of a data breach. “These are cards they pre-emptively reissued without any indication of fraud,” says Henninger. “It's a massive number of cards.” He credits the banks with taking fraud seriously, but says they are relying on a “blunt instrument,” namely legacy processing systems that were not designed to handle the aftermath of a mass data compromise. Two technologies that would help, he says, are real-time transaction monitoring and analytical modeling updated to include characteristics of mass compromises. Some issuers, Henninger says, are getting the message that wide-ranging?and repeated–card replacements shake consumer confidence in the issuing institution. “These were risk professionals respondng,” he says. “They appear to be as concerned about the impact on consumers as they are with the financial impact.” Indeed, more than 78% of respondents said they are seeing a decline in consumer trust as a result of data breaches, Henninger says. “If you have a customer who lacks trust in the banking institution, that's a serious problem,” he notes.

Check Also

Flywire Teams With Blackbaud to Enable Cross Border Tuition Payments in the U.S.

Flywire Corp., a specialist in payments for higher education, has partnered with Blackbaud Inc., a …

Digital Transactions