MADISON, Wis. (9/24/14)--A CUNA Mutual Group security expert advised credit unionmembers who were among the millions of consumers affected by the Home Depot security breach to sign up for the free identity theft protection services the retailer is offering.
Home Depot announced last week it is offering free identity theft protection to customers for one year. The service, through AllClear ID, would normally cost $14.95 per month.
"Given the tactics fraudsters use to obtain Social Security numbers and birthdates, it only makes sense to sign up for identity theft protection security services," Ken Otsuka, CUNA Mutual Group senior consultant of risk management, told News Now. "If they've already purchased your card data, they may try to purchase additional information through the underground market."
Otsuka also noted that the Fair and Accurate Credit Transactions Act enables consumers to order a free credit report annually from each of the three major credit reporting agencies.
Members should also monitor their accounts closely for fraudulent transactions, Otsuka said. It's a good idea set up alerts if any transaction reaches a certain threshold, he said.
Otsuka advised credit unions with affected cards to block and reissue them. "We have repeatedly seen that credit unions that elect not to block and reissue cards in these cases experience fraud on those cards sometime in the future," Otsuka said.
In the long term, Otsuka said the recently announced Apple Pay offers more security to consumers because it will include tokenization and biometrics.
First, to even gain access to the iPhone, users must use a fingerprint scanner. Secondly, through tokenization, Apple Pay removes the card number and replaces it with a randomly generated number.
"Card data is not stored on the device," Otsuka said. "A transaction identification number is transmitted that does not contain the debit or credit card number. I firmly believe that with Apple Pay, Apple is at the forefront of security in mobile payments."
CUNA Mutual also advised that fraudsters are taking advantage of weak authentication methods used in many voice-response units (VRU) or call centers to have the PIN changed on debit cards.
Changing debit card PINs using the card issuer's VRU typically requires the cardholder to pass three out of five security tests:
CUNA Mutual encourages credit unions that use VRU to change debit card PINs to require members successfully pass all five security tests rather than just three of the five.
Credit unions that change debit card PINs through the call center should evaluate the security questions used to confirm the caller's identity. Avoid using easily defeated security questions. Instead, use an identity verification service in the call center. If this is not possible, credit unions should use strong out-of-wallet questions to verify the caller's identity.