MADISON, Wis. (9/8/14)--In the wake of the Home Depot security breach, credit unions are reaching out to their members to advise them on the potential consequences of the incident, and to educate them on steps they can take to guard their sensitive online data.
The Home Depot breach, which could prove more costly to financial institutions than the Target breach of last year--credit unions paid more than $30.6 million in costs directly related to the breach, according to the Credit Union National Association--could have begun as early as April of this year, affecting any number of the more than 2,200 stores it operates in the United States, Canada and Mexico.
CUNA leaders continue to urge legislators in Washington, D.C., to ramp up security standards for merchants, which don't have to comply with nearly as stringent of requirements as financial institutions. CUNA also proactively supports efforts with the federal government and payment services providers to help prevent and remedy breaches that reach credit unions or their members.
Three Rivers CU, Fort Wayne, Ind., with $764 million in assets, started its outreach online with a blog post it has broadcast on social media sites that details the potential impacts of the breach.
"Because this could involve a large number of cards and impact many Three Rivers members, we wanted to share some facts and offer suggestions for ways to be proactive in securing your money matters with as little inconvenience as possible," wrote Chad Gramling, Three Rivers marketing insights manager, on the credit union's website.
Gramling told News Now that the credit union wanted to make sure its members knew it was monitoring the breach and to help them understand what problems and issues could arise because of it.
"We wanted to be proactive, and help them make the best decisions possible," Gramling said. (See related story: Members, CUs have tools for fraud detection, experts remind.)
The blog post says that while the breach is bad news, fortunately consumers won't face any fraud liability on their credit cards. Should fraudulent charges occur, the charges will be reversed once reported, Gramling wrote.
Gramling also reminds members, however, that the retailers that have been infiltrated also don't carry any liability, and that the majority of the liability falls upon the financial institution from which the cards have been issued, which could lead to added costs to the member.
"As a member-owned cooperative, this is your business and that's your money," Gramling wrote, adding that if fraudulent charges occur, Three Rivers might have to take action to recover losses, which could come in the form of lower dividend rates, higher loan rates and changes in fee structures.
Three Rivers isn't the only credit union who has reached out to members through social media. A quick search on Twitter produces numerous results of credit unions tweeting about the breach, and linking to Facebook pages with more information.
Golden Circle CU, Massillon, Ohio, with $89 million in assets, for example, tweeted "Poss data breach of debit & credit card data at home Depot reported. We are monitoring the situation."
Other credit unions, such as Space Coast CU, Melbourne, Fla., with $3.2 billion in assets, are proactively identifying which of its members may have been impacted and are monitoring their accounts for fraud.
All credit unions posting blog posts or notifying members through social media encourage members to actively monitor their accounts.
Meanwhile, following the Home Depot breach, Paul Stull, president/CEO of the Credit Union Association of New Mexico, went public with his concerns about the way the retail giant has handled its data security.
Early last week, Home Depot posted a statement on its website that said consumers would not be responsible for fraudulent charges, but that financial institutions would be.
Quoted in the Sept. 4 Albuquerque Business First, Stull said: "Who does Home Depot think will ultimately pay for their lack of data security? The consumer is left holding the bag as Home Depot takes no responsibility and then passes along the losses through banks and credit unions."