Many credit unions shored up their cybersecurity defenses to address concerns about security threats to their own institutions and data breaches at national retailers.
More than two-thirds of credit unions with $10 million or more in assets say they’re “very concerned” additional retailer breaches will impact their members’ debit and/or credit cards and personal information, and 29% report they’re “very concerned” about their credit union’s vulnerability to cyberattacks. These findings are consistent among all asset groups.
Not surprising, then, 76% of credit unions rank protecting member data as their top IT-related concern, followed by complying with regulations (52%) and meeting members’ demand for new and additional remote technology services (39%).
“The high-profile data breaches at Target, and more recently at Home Depot, reinforced what credit unions already knew: A host of bad apples will stop at nothing to commit cyberfraud,” says Haller. “Credit unions take a serious view on protecting their members’ data, so that threat can’t and won’t be underestimated.”
The Target breach proved costly to credit unions. In the first two months alone, credit unions incurred upwards of $30 million in related costs—not including fraud costs— and reissued around 4.6 million credit and debit cards, according to findings from a CUNA survey earlier this year. The average cost per affected card was $5.68. Future fraud losses likely will increase those costs.
In the past two years—and in direct response to Target and other breaches—more than half of credit unions responding to CUNA’s Technology Spending Survey have conducted a data security vulnerability test or made it a higher priority to implement EMV (Europay, MasterCard, and Visa) check card/credit card protections in advance of the Oct. 1, 2015 liability transfer deadline. That chip-based technology lessens the risk of fraud in point-of-sale transactions.
Nearly 40% of credit unions have implemented fraud detection/prevention systems or used vulnerability consultants to identify potential threats to their systems.
Credit unions are acting judiciously, says Robert Reh, chief information officer at $394 million asset Nassau Financial Federal Credit Union in Westbury, N.Y.
“It’s hard to keep up with all security threats that keep popping up, and the potential threats cybercriminals have in store, when you have limited time, staff resources, and money to spend on solutions,” says Reh, a former CUNA Technology Council executive committee member.
“Security is like insurance: How much is enough, and how much is too much?” Reh adds. “You want to have just the right amount of security to provide all protection needed while not overspending for what you don’t need or will never have use for.”
Despite all these precautions and improvements, high levels of trepidation exist among credit unions of all sizes because the threat shows no signs of dissipating.
“Credit unions must remain vigilant about protecting their members’ data, because cyberattacks likely will increase in frequency, grow in scope, and adapt to new barriers placed in their path,” Haller says.
NEXT Other security precautions