By now, you’ve heard the news about Home Depot, and how the numbers to millions of customers’ cards have potentially been lifted from POS machines in stores throughout the country. Home Depot joins Goodwill, Target, and many other “big box” stores whose customers (and, by extension, YOUR customers) have fallen victim to card fraudsters in the last year or two.
As long as Americans use credit and debit cards, there will be hackers working hard to defraud them. Until the card industry adopts tougher data encryption standards, chip-and-pin technology, and other protections to help, uh, protect us, maybe the best thing banks and credit unions can do is adopt a series of steps to follow in the immediate aftermath of a breach. The idea here is not simply to follow a recovery road map, but to also make sure the execution of these steps is swift and standardized so that they can be implemented quickly – time after time if need be – to protect customers.
Speaking of customers, we spoke to ours. Here are a few of the initial steps some of the most proactive banks and credit unions take in order to protect customers after a big breach.
After you’ve been notified of a suspected breach by your card association, the next step typically involves waiting for the Compromised Account Management System (CAMS) alert containing cards thoughts to be in jeopardy. Problem is, the time between the breach and actually receiving that notice can be weeks. After a breach is suspected, proactive banks scan customer accounts for transactions at the retailers in question, during the time period in question, and flag them. At this point, the safe bet is to cancel and reissue a card immediately. Customers rarely mind your taking above-and-beyond measures to protect them.
Let’s say your search in Step 1 returns nothing out of the ordinary. If the customer’s card does appear on the aforementioned CAMS alert, the next step should be to immediately reduce spending limits. This adjustment protects your customer from outlandish charges, allows them to continue making at least small purchases, and gives you time to “hot card” and reissue. Piece of advice here: If your trouble cards number into the hundreds or thousands, you’ll need to consider how you will go into each account and make the changes. Will you handle this manually? Will you outsource to your core?
Now that spending limits have been remedied, the compromised cards need to be flagged as compromised and then cancelled. While most card issuance and core systems allow you to designate this, the problem of how remains: How will you identify the accounts, how will you go into each account, and how will you add the hot card designation?
We are a society built with plastic. Your customers need to buy, and they need to do it with your card. One EnableSoft customer had 20,000 card holders (twenty thousand!) whose cards were compromised in the Target breach of 2013. This means that their plan of action might have been to set aside a small workforce to manually reissue 20,000 cards. Alternatively, they had Foxtrot handle the job and issues each of these in a matter of days with no manual entry.
To keep customers happy, you need to keep them in the loop. This means keeping customers informed of and during each step of the recovery, including sending e-mails and letters, and adding notes to their account so that CSR and call center reps can update the customer should they need to speak to one. Make sure you’re writing, calling, and communicating with your customers. Wouldn’t it be great to inform your customers, after they’ve already inquired with you about a breach, that you have a new card in the mail and on its way to them? You can’t prevent a big breach, but you can control how your customers view your operation in the aftermath.
Of course, the best solution here is to automate the entire process with Foxtrot. Foxtrot automation software can query customers’ accounts for suspicious transactions, then work between your core and card system to cancel and reissue cards at the push of a button. Foxtrot even deploys e-mails and notes accounts to keep everyone informed. Best of all, Foxtrot scripts are written in advance and can be deployed at the first hint of trouble. It’s a solution that eliminates virtually all of the manual work after a card breach, and makes your bank look like a superstar.
Want to see more? Read this quick case study about how we helped one customer immediately after last year’s breach at Target stores. Or, click here for a story in American Banker about how we helped another.